feat: Add /prerelease slash command for PyPI prereleases

[aaronsteers]

Summary

Adds a new /prerelease slash command that allows maintainers to build and publish prerelease versions of PyAirbyte to PyPI directly from PRs. This enables testing PR changes via pip install without requiring a full release.

Changes:

• New prerelease-command.yml workflow with 3 jobs: "Set up Workflow", "Call Publish Workflow", "Write Status to PR"
• Enhanced pypi_publish.yml to support workflow_call with git_ref, version_override, and publish inputs
• Registered the command in slash_command_dispatch.yml
• Updated both PR welcome messages to document the new command

Workflow behavior:

• Computes unique prerelease version: {base}.dev{pr_number}{run_id} (e.g., 0.34.0.dev825123456789)
• Uses refs/pull/<PR>/head for fork compatibility
• Posts a comment when the build starts with a link to the job
• On success: Posts installation instructions (pip install airbyte==<version>)
• On failure: Posts error message with fallback git install instructions

Review & Testing Checklist for Human

• Verify PyPi environment exists in GitHub repo settings with OIDC trusted publishing configured. The workflow will fail if this isn't set up correctly.
• Confirm publishing to production PyPI is intended - This publishes to real PyPI, not TestPyPI. Prerelease versions will be publicly installable.
• Test the workflow end-to-end by commenting /prerelease on a test PR after merging. This is the only way to verify the workflow actually works since it requires the slash command dispatch infrastructure.
• Test with a fork PR to verify refs/pull/<PR>/head checkout works correctly for fork contributions.

Notes

• The environment name is PyPi (capital P) - ensure this matches the actual GitHub environment name exactly.
• Version format uses PR number + run ID to ensure uniqueness across multiple prerelease attempts on the same PR.
• The workflow reuses pypi_publish.yml via workflow_call to avoid duplicating build/publish logic.

Link to Devin run: https://app.devin.ai/sessions/c86d36be59664129af00617d0e66bc4d
Requested by: AJ Steers (@aaronsteers)

Summary by CodeRabbit

• New Features
  • Added a /prerelease PR slash command to trigger on‑demand prerelease builds.
  • New on‑demand prerelease workflow that builds and publishes prerelease packages and posts success/failure comments on the PR with installation instructions and fallback guidance.
  • Publish workflow enhanced to accept a version override and explicit publish flag, enabling conditional prerelease publishing and flexible build references.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[devin-ai-integration]

Original prompt from AJ Steers

Received message in Slack channel #ask-devin-ai:

@Devin Please refresh my memory on this one. IIRC:
1. We may already have a PR but I don't recall why it wasn't merged.
2. The destination-side fix (probably in the CDK) is to not care if a namespace is provided as null. (Difference between _not_ being sent or being sent _as null_ is a JSON delivery nuance.)

Thread URL: https://airbytehq-team.slack.com/archives/C08BHPUMEPJ/p1765591320408679

Quote of conversation (https://airbytehq-team.slack.com/archives/C06FZ238P8W/p1765588766040519?thread_ts=1765588766.040519&cid=C06FZ238P8W):
> From Biplove Jaisi
> Hi everyone :wave:

> I’m trying to use PyAirbyte to move data from an S3 source to an Iceberg destination. The sync from the source to DuckDB cache works fine, but when loading into Iceberg, I’m getting an error saying that the namespace cannot be null.

> The issue is that the S3 source doesn’t seem to have any field or config option to populate the namespace, so I’m not sure how to handle this requirement on the destination side.

> Has anyone faced this before or found a workaround? Any guidance would be really appreciated. Thanks in advance! :pray:
> Posted on December 13, 2025 at 01:19 AM

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[github-actions]

👋 Greetings, Airbyte Team Member!

Here are some helpful tips and reminders for your convenience.

Testing This PyAirbyte Version

You can test this version of PyAirbyte using the following:

# Run PyAirbyte CLI from this branch:
uvx --from 'git+https://github.com/airbytehq/PyAirbyte.git@devin/1765592184-add-prerelease-command' pyairbyte --help

# Install PyAirbyte from this branch for development:
pip install 'git+https://github.com/airbytehq/PyAirbyte.git@devin/1765592184-add-prerelease-command'

Helpful Resources

• PyAirbyte Documentation
• API Reference

PR Slash Commands

Airbyte Maintainers can execute the following slash commands on your PR:

• /fix-pr - Fixes most formatting and linting issues
• /poetry-lock - Updates poetry.lock file
• /test-pr - Runs tests with the updated PyAirbyte

Community Support

Questions? Join the #pyairbyte channel in our Slack workspace.

📝 Edit this welcome message.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds an on-demand "prerelease" slash command and supporting GitHub Actions workflow to build/publish prerelease Python packages; updates the slash command dispatcher and extends the reusable pypi_publish workflow to accept git_ref, version_override, and a publish flag.

Changes

Cohort / File(s)	Summary
Docs / Command list \.github/pr-welcome-community.md, \.github/pr-welcome-internal.md	Add /prerelease entry to PR Slash Commands documentation with description "Builds and publishes a prerelease version to PyPI".
New workflow \.github/workflows/prerelease-command.yml	Add "On-Demand Prerelease" workflow triggered by workflow_dispatch with inputs pr and optional comment-id. Implements resolve-pr job (resolve CI vars, guard against forks, compute prerelease version, post initial comment), build-and-publish job that calls the reusable pypi_publish workflow with git_ref + version_override + publish=true, and post-result-comment job to post success/failure instructions.
Slash command dispatcher \.github/workflows/slash_command_dispatch.yml	Add prerelease to allowed slash commands list used by the dispatcher.
Reusable PyPI publish workflow \.github/workflows/pypi_publish.yml	Add workflow_call inputs: git_ref, version_override, publish; support checking out the provided git_ref; implement prepare-version-override outputs and conditional build steps using POETRY_DYNAMIC_VERSIONING_BYPASS; make publishing conditional on publish input or tag trigger; restrict GitHub release upload to tag-triggered runs.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant Dispatcher as Slash Command Dispatcher
  participant GHWF as On-Demand Prerelease WF
  participant Resolver as resolve-pr job
  participant PypiWF as pypi_publish workflow
  participant PyPI as PyPI/GitHub Release
  participant Comments as PR Comments

  User->>Dispatcher: Post "/prerelease" slash command
  Dispatcher->>GHWF: Trigger workflow_dispatch (pr, comment-id)
  GHWF->>Resolver: run resolve-pr (resolve meta, guard forks, compute version)
  Resolver->>Comments: Post initial "building" comment
  Resolver->>PypiWF: call pypi_publish with git_ref + version_override + publish=true
  PypiWF->>PyPI: Build and upload package (or skip release upload if not a tag)
  PypiWF-->>GHWF: return result (success/failure, outputs)
  GHWF->>Comments: Post success comment with install instructions OR failure comment with logs and branch install fallback
  Comments-->>User: Deliver post-result message

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–30 minutes

• Review focus areas:
  • \.github/workflows/prerelease-command.yml: verify fork-guard logic, input names (pr, comment-id), and permissions used for publishing — review secret exposure and permissions. Would you like me to flag specific steps that touch secrets or permissions for closer inspection, wdyt?
  • \.github/workflows/pypi_publish.yml: inspect version_override handling, POETRY_DYNAMIC_VERSIONING_BYPASS usage, and conditional publish/release branches — should we run a dry build with version_override to validate behavior, wdyt?
  • \.github/workflows/slash_command_dispatch.yml: confirm the allowed-commands list matches runtime checks and comment handling — want me to list the exact lines to verify parity, wdyt?

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main feature added: a new /prerelease slash command for PyPI prereleases, which aligns perfectly with the changeset's core objective.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch devin/1765592184-add-prerelease-command

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.github/workflows/prerelease-command.yml (3)

147-166: Consider clarifying fallback behavior on publish failure.

This comment informs users they can "download the built wheel from the workflow artifacts" (line 166) when TestPyPI publish fails. However, there's no verification that artifacts are actually available or accessible. Since continue-on-error: true is intentional (per PR objectives), users should have a reliable way to access the prerelease artifacts.

Wdyt about adding a check to confirm artifacts exist before pointing users to them? Or adding a direct link to the workflow run where they can download artifacts?

You could replace the vague "workflow artifacts" link with a more direct URL:

-          > Or download the built wheel from the [workflow artifacts](${{ needs.start-workflow.outputs.job-run-url }}).
+          > Or download the built wheel from the [job artifacts](${{ needs.start-workflow.outputs.job-run-url }}#artifacts).

This makes it more explicit where to find the artifacts.

---

101-103: Verify TestPyPi environment configuration.

The workflow references environment "TestPyPi" (case-sensitive, line 102). Per the PR objectives, this environment must exist and be configured for OIDC trusted publishing. If the environment is misconfigured or doesn't exist, the workflow will fail with a cryptic GitHub error.

Consider adding a validation step or clearer documentation about the prerequisite environment setup. Should this be documented in the PR description or in a separate setup guide?

As a follow-up: Can you confirm the TestPyPi environment is already configured in the repository? If not, consider adding a setup guide or validation step.

---

168-183: Post-failure-comment job dependencies may miss some failures.

The post-failure-comment job depends on [start-workflow, build-prerelease] (line 170) and uses if: failure(). However, if the start-workflow job itself fails, the post-failure-comment job won't run because it's listed as a dependency. Consider whether you want to catch failures even in the start-workflow step.

If you want to ensure failure comments post even if start-workflow fails, you could add always() to the condition:

   post-failure-comment:
     name: Post Failure Comment
     needs: [start-workflow, build-prerelease]
-    if: failure()
+    if: failure() && always()
     runs-on: ubuntu-latest

But note: this depends on whether you want to post comments for all types of failures. Wdyt?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f882e93 and 2162f97.

📒 Files selected for processing (4)

• .github/pr-welcome-community.md (1 hunks)
• .github/pr-welcome-internal.md (1 hunks)
• .github/workflows/prerelease-command.yml (1 hunks)
• .github/workflows/slash_command_dispatch.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Pytest (All, Python 3.11, Windows)
• GitHub Check: Pytest (All, Python 3.11, Ubuntu)
• GitHub Check: Pytest (No Creds)
• GitHub Check: Pytest (All, Python 3.10, Ubuntu)
• GitHub Check: Pytest (All, Python 3.10, Windows)
• GitHub Check: Pytest (Fast)

🔇 Additional comments (6)

.github/pr-welcome-internal.md (1)

29-29: LGTM!

Documentation is clear and consistently placed alongside other slash commands.

.github/workflows/slash_command_dispatch.yml (1)

37-37: LGTM!

The command is correctly added to the allowlist in the expected format.

.github/pr-welcome-community.md (1)

30-30: LGTM!

Consistent documentation across internal and community welcome messages.

.github/workflows/prerelease-command.yml (3)

105-108: Verify artifact handling and naming.

The step downloads an artifact named "Packages" from the hynek build action. Please verify:

• Does hynek/build-and-inspect-python-package actually output an artifact named "Packages"?
• Is the artifact path "dist" correct?
• If the artifact doesn't exist or has a different name, the TestPyPI publish step will silently fail to find packages.

Can you confirm the artifact name and path match what the hynek action produces? If they don't match, the workflow will fail silently at the download step.

---

125-146: Dependent on version extraction fix.

The success comment references needs.build-prerelease.outputs.version (line 135, 139), which will be incorrect until the version extraction logic is fixed (see earlier comment). Once that's addressed, this comment section should work correctly. The installation instructions look good otherwise — both TestPyPI and git-based installs are provided.

Please fix the version extraction first, then verify the version shown here matches the actual dynamic version from the build.

---

1-22: Workflow structure and permissions look solid.

The workflow dispatch inputs, permissions for OIDC trusted publishing, and job dependencies are well structured. The use of a custom resolve-ci-vars-action to extract PR metadata is a good pattern for slash-command workflows. The comments posted at each stage (start, success, failure) provide good visibility into the prerelease process.

Once the version extraction issue is addressed, this workflow should be in good shape. The graceful fallback on TestPyPI publish failures (via continue-on-error: true) aligns well with the PR objectives.

[github-actions]

PyTest Results (Fast Tests Only, No Creds)

348 tests  ±0   348 ✅ ±0   5m 43s ⏱️ -7s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 4c42335. ± Comparison against base commit f882e93.

♻️ This comment has been updated with latest results.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/prerelease-command.yml (1)

63-73: Harden the version compute script + fix ShellCheck quoting (SC2086)

Could we add set -euo pipefail and quote $GITHUB_OUTPUT to avoid word-splitting/globbing issues, wdyt? (Also aligns with the prior SC2086 finding.)

     - name: Compute prerelease version
       id: version
       run: |
+        set -euo pipefail
         # Get the latest tag version (strip 'v' prefix if present)
         LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
         BASE_VERSION=${LATEST_TAG#v}
@@
         # Format: {base}.dev{pr_number}{run_id} (e.g., 0.34.0.dev825123456789)
         PRERELEASE_VERSION="${BASE_VERSION}.dev${{ github.event.inputs.pr }}${{ github.run_id }}"
-        echo "version=$PRERELEASE_VERSION" >> $GITHUB_OUTPUT
+        echo "version=$PRERELEASE_VERSION" >> "$GITHUB_OUTPUT"
         echo "Computed prerelease version: $PRERELEASE_VERSION"

🧹 Nitpick comments (1)

.github/workflows/prerelease-command.yml (1)

105-126: Failure path UX: consider also handling “publish failed but build succeeded”

Right now, the failure comment only triggers on job failure, but a “publish failed, build succeeded” case could still want the git-install fallback instructions. Could we have the called workflow expose an output like published: true|false and branch the comment accordingly (or post both options on success), wdyt?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2162f97 and b6acdb1.

📒 Files selected for processing (4)

• .github/pr-welcome-community.md (1 hunks)
• .github/pr-welcome-internal.md (1 hunks)
• .github/workflows/prerelease-command.yml (1 hunks)
• .github/workflows/pypi_publish.yml (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/pr-welcome-internal.md
• .github/pr-welcome-community.md

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: yohannj
Repo: airbytehq/PyAirbyte PR: 716
File: airbyte/logs.py:384-402
Timestamp: 2025-07-11T19:53:44.427Z
Learning: In the PyAirbyte project, when reviewing PRs, maintain clear separation of concerns. Don't suggest changes that are outside the scope of the PR's main objective, even if they would improve consistency or fix other issues. This helps with reviewing changes and potential reverts.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Pytest (All, Python 3.11, Ubuntu)
• GitHub Check: Pytest (All, Python 3.11, Windows)
• GitHub Check: Pytest (No Creds)
• GitHub Check: Pytest (All, Python 3.10, Ubuntu)
• GitHub Check: Pytest (Fast)

🔇 Additional comments (4)

.github/workflows/pypi_publish.yml (3)

48-51: Verify environment configuration supports both PyPI and TestPyPI publishing.

The publish job uses a single PyPi environment for both tag-based releases and prerelease builds. However, PR objectives indicate a separate TestPyPi environment should be used for prerelease versions.

Currently, there's no conditional logic to select the environment based on trigger type. Should the code:

1. Use different environments (e.g., PyPi for tags, TestPyPi for prerelease input)?
2. Dynamically set the environment name based on inputs.publish?
3. Or is the assumption that the PyPi environment will be reconfigured per-deployment context?

Wdyt on how to structure this to avoid accidentally publishing test versions to production PyPI?

---

35-37: Version override mechanism looks good.

The POETRY_DYNAMIC_VERSIONING_BYPASS environment variable is documented as the correct way to bypass the VCS mechanisms and use a static version, so this implementation should work as intended. The version computed in the prerelease workflow will be used directly during the build.

---

57-66: LGTM: Conditional upload logic.

The release upload now correctly runs only for tag-based triggers, keeping GitHub release artifacts separate from prerelease builds.

.github/workflows/prerelease-command.yml (1)

84-104: Review comment is incorrect—package publishes to PyPI with correct naming

The workflow already publishes to production PyPI (not TestPyPI) with the correct package name airbyte. The current install command pip install airbyte==... is accurate. Additionally, the job dependency structure (where post-success-comment requires build-and-publish to succeed) and the separate post-failure-comment job (with if: failure()) already handle success/failure scenarios appropriately—there's no risk of posting a success message when publish fails.

Likely an incorrect or invalid review comment.

[github-actions]

PyTest Results (Full)

416 tests  ±0   399 ✅ ±0   22m 17s ⏱️ - 2m 41s
  1 suites ±0    17 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 4c42335. ± Comparison against base commit f882e93.

♻️ This comment has been updated with latest results.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/prerelease-command.yml (2)

63-73: Version computation approach is solid and PEP 440 compliant.

The prerelease version format (0.34.0.dev{PR}{RUN_ID}) ensures uniqueness across multiple prerelease attempts and follows Python versioning standards. Since github.run_id is globally unique, there's no collision risk.

One minor suggestion: would it be worth adding a brief comment on line 70 documenting the version format for future maintainers, or is the current explanation sufficient?

---

106-122: Failure fallback and git install approach is solid.

The fallback git install command (lines 119-122) provides good user experience when PyPI publish fails. The URL format is correct and will allow users to test the PR branch directly.

One note: This fallback assumes users can install from git. You may want to consider whether adding a note about installation requirements (e.g., "requires Git to be installed") would be helpful, but this is optional.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b48ddc and cc5db3f.

📒 Files selected for processing (1)

• .github/workflows/prerelease-command.yml (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: yohannj
Repo: airbytehq/PyAirbyte PR: 716
File: airbyte/logs.py:384-402
Timestamp: 2025-07-11T19:53:44.427Z
Learning: In the PyAirbyte project, when reviewing PRs, maintain clear separation of concerns. Don't suggest changes that are outside the scope of the PR's main objective, even if they would improve consistency or fix other issues. This helps with reviewing changes and potential reverts.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Pytest (All, Python 3.11, Windows)
• GitHub Check: Pytest (All, Python 3.10, Ubuntu)
• GitHub Check: Pytest (All, Python 3.10, Windows)
• GitHub Check: Pytest (All, Python 3.11, Ubuntu)
• GitHub Check: Pytest (Fast)
• GitHub Check: Pytest (No Creds)

🔇 Additional comments (2)

.github/workflows/prerelease-command.yml (2)

75-82: Reusable workflow invocation looks properly structured, but needs verification of version override behavior.

The job correctly passes version_override and git_ref to the reusable workflow. However, I need to verify that pypi_publish.yml correctly uses the version_override parameter to publish with the computed prerelease version (and doesn't fall back to poetry-dynamic-versioning).

Can you confirm that the pypi_publish.yml workflow:

1. Respects the version_override input when set?
2. Publishes to the intended PyPI target (production PyPI, based on your earlier feedback)?

---

90-105: Success message lacks clarity on PyPI target, and PR objectives mention TestPyPI—need clarification.

Your earlier feedback indicated you want "a real prerelease" on production PyPI (not TestPyPI), which makes sense. However, the PR objectives mention verifying a TestPyPi environment. The success message at line 98 currently says "Published to PyPI" without specifying which instance.

Questions:

1. Should the message explicitly state "Published to PyPI" (production) vs "Published to TestPyPI"?
2. Are the TestPyPI environment checks in the objectives still relevant, or have you decided to publish directly to production PyPI?

This would help clarify the implementation intent.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/prerelease-command.yml (2)

57-67: Consider version format to ensure chronological ordering across multiple prerelease builds.

The current format {base}.dev{pr}{run_id} works for uniqueness but can produce non-chronological version ordering. For instance, a later PR with a small run_id (e.g., PR#2 with run_id=1) would produce version 0.34.0.dev21, while an earlier PR with a large run_id (e.g., PR#1 with run_id=99999999) produces 0.34.0.dev199999999—and 21 < 199999999, so the later version appears older in version comparisons.

Would you consider using a separator like {base}.dev{pr}.{run_id} (e.g., 0.34.0.dev2.1) to ensure proper sort ordering? This is still PEP 440 compliant and makes chronological relationships clearer.

---

91-99: Clarify prerelease context in success message.

The success comment says "Published to PyPI" but doesn't indicate whether this is production PyPI or a test repository. Users reading this may try to install immediately and encounter issues if the version isn't available or if this is a TestPyPI-only release.

Would you consider adding a note about what this prerelease version is for (e.g., "This is a development prerelease for testing—ensure you understand version pinning before using in production")? This might also reference which PyPI repository the version was published to.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cc5db3f and 2b57120.

📒 Files selected for processing (1)

• .github/workflows/prerelease-command.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Pytest (All, Python 3.11, Ubuntu)
• GitHub Check: Pytest (All, Python 3.11, Windows)
• GitHub Check: Pytest (All, Python 3.10, Windows)
• GitHub Check: Pytest (All, Python 3.10, Ubuntu)
• GitHub Check: Pytest (No Creds)
• GitHub Check: Pytest (Fast)

🔇 Additional comments (1)

.github/workflows/prerelease-command.yml (1)

36-67: Verify prerelease versioning integrates correctly with pypi_publish.yml.

The custom versioning scheme here computes a dev version independently of poetry-dynamic-versioning. Ensure that pypi_publish.yml correctly applies the version_override parameter to the build artifacts so the published package matches the version advertised in PR comments. Also verify this version format is accepted by your target PyPI repository (TestPyPI or production).

Can you confirm:

1. How does pypi_publish.yml use the version_override parameter? (Does it override poetry-dynamic-versioning, or does it conflict?)
2. Which PyPI repository is the target? (The PR objectives mention TestPyPI, but want to confirm the actual behavior.)
3. Does the TestPyPi environment exist in your repository settings with OIDC trusted publishing configured?